Skip to main content
NetApp adopts Microsoft’s Business-to-Customer (B2C) Identity Management
Effective December 3 - NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources. For accounts that did not pre-register (prior to Dec 3) access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity. To learn more, Read the FAQ and Watch the video. Need assistance? Complete this form and select “Registration Issue” as the Feedback Category. 
NetApp Knowledge Base

What are .nfsXXXX files and how do I delete them?

Last Updated:

Applies to



Files with a naming convention like .nfsXXXX are created by NFS clients when a file that is currently opened on a client is deleted by that client. The client renames the file to .nfsXXXX which discourages other clients/processes from utilizing the file. The client that does the rename should delete the file once it's been closed by the client process. This delete might not occur if the client is dsiconnected, rebooted,  or the process that would issue the delete is terminated.

These files are not generated by an ONTAP process and are only created in response to client requests.

Finding the NFS client and process using a .nfsxxxx file may be very time consuming. It would require checking every process on every NFS client that could be accessing the NFS share containing the file. A utility such as lsof may be used to determine the process using the .nfsxxxx file. To prevent .nfsXXXX files from being created, do not remove a file when it is open. If the .nfsxxxx file is determined to no longer be in use then it may be removed. If a remove results in a new .nfsxxxx file then a process on that NFS client has the file open.

Demonstration for creating and removing .nfsxxxx files:

  1. From the NFS client, create a file in the mounted NFS share and open it with the tail command. Suspend the process with ctrl-z or open a new terminal to complete the rest of the demonstration.

    shell# echo test > foo
    shell# tail -f foo
    [1]+ Stopped tail -f foo

  2. Remove the file foo to make the NFS client create the .nfsxxxx file.

    shell# rm foo
    shell# ls -A

  3. Observe that subsequent rm commands only make the NFS client rename the file again.

    shell# rm .nfs5ACF
    shell# ls -A

  4. Locate the process that has the file open using lsof or fuser.

    shell# lsof ./.nfs6ACF
    tail    25725 root    3r   REG    8,1 27603 6647 .nfs6ACF

    shell# fuser .nfs6ACF
    .nfs6ACF 25725o

  5. Finally, terminate the process holding the file open and observe that the .nfsxxx file is now removed.

    shell# kill 25725

    shell# ls -al
    total x
    drwxr-sr-x  2 root src    400 Mar 29 15:39 .
    drwxrwsr-x 36 root src   3336 Mar 21 09:37 ..

Additional Information

Whether it can be determined from ONTAP if a client has the file open depends on the protocol used:

  • NFSv3: Usually no lock is present as NFSv3 is stateless.
  • NFSv4.0 or 4.1: If a client has the file open, an nfsv4 or nfsv4.1 lock will be present.

cluster2::> vserver locks show -vserver svm1 -volume unix -path /unix/.nfs000000000000006000000009
Vserver: svm1
Volume   Object Path               LIF         Protocol  Lock Type   Client
-------- ------------------------- ----------- --------- ----------- ----------
unix     /unix/.nfs000000000000006000000009
                                               nfsv4     share-level
                Sharelock Mode: write-deny_none

  • Only if an nfsv4 or nfsv4.1 lock is present for a file can the client IP be determined.
  • If no locks are present, there are no commands that can show if an NFSv3 client is using the file.

NOTE: For ONTAP releases prior to 9.8, obtaining the client IP for nfsv4 and nfsv4.1 type locks requires additional diag mode commands.

Please contact NetApp Technical Support and reference this article for further assistance. The solution requires Diagnostic-level recovery. The use of Diagnostic commands and recovery steps are potentially disruptive and should only be used when directed by NetApp personnel.